New malware families found targeting VMware ESXi hypervisors


Threat actors have been found to use never-before-seen post-compromise implants in VMware’s virtualization software to take control of infected systems and evade detection.

Google’s Client Threat Intelligence Division called it a “new malware ecosystem” that affects VMware ESXi, Linux vCenter servers and Windows virtual machines, allowing attackers to maintain persistent access to the hypervisor and run arbitrary commands.

According to the cybersecurity provider, the hyperjacking attacks involved using malicious vSphere installation packages (VIBs) to inject two implants called VIRTUALPITA and VIRTUALPIE into the ESXi hypervisors.
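Because the implants arrive as VIBs installed onto the hypervisor, one defensive check is to compare the host's installed VIB inventory against a known-good baseline and look for bundles whose acceptance level, vendor or install date does not fit. The script below is an added example, not code from the article or from Mandiant or VMware; it parses a captured `esxcli software vib list` listing (the sample rows, the vendor allowlist, the host acceptance level and the baseline date are all constructed for the example and should be replaced with values from your own hosts).

```python
"""Triage a captured `esxcli software vib list` listing against a host baseline.

Added example, not code from the article or from Mandiant/VMware. The listing,
the vendor allowlist, the host acceptance level and the baseline date below are
constructed; replace them with values taken from your own ESXi hosts.
"""
import re
from dataclasses import dataclass
from datetime import date

# Constructed sample in the column layout `esxcli software vib list` prints.
# The last two rows are invented to exercise the checks; they are not IoCs.
SAMPLE_VIB_LIST = """\
Name                  Version                             Vendor   Acceptance Level    Install Date
--------------------  ----------------------------------  -------  ------------------  ------------
esx-base              7.0.3-0.35.19193900                 VMware   VMwareCertified     2022-01-15
lsi-mr3               7.716.03.00-1vmw.703.0.20.19193900  VMW      VMwareCertified     2022-01-15
nvme-pcie             1.2.3.16-1vmw.703.0.20.19193900     VMW      VMwareCertified     2022-01-15
acme-hba-driver       2.1.0-1OEM.703.0.0.19193900         ACME     PartnerSupported    2022-01-15
esx-update-tools      1.0.0-1                             VMware   CommunitySupported  2022-09-01
lsu-shim              1.0.0-1                             Unknown  PartnerSupported    2022-09-02
"""

# ESXi acceptance levels, most to least trusted.
ACCEPTANCE_RANK = {
    "VMwareCertified": 3,
    "VMwareAccepted": 2,
    "PartnerSupported": 1,
    "CommunitySupported": 0,
}

@dataclass(frozen=True)
class Vib:
    name: str
    version: str
    vendor: str
    acceptance: str
    installed: date

def parse_vib_list(text: str) -> list[Vib]:
    """Parse the tabular esxcli output; columns are separated by two or more spaces."""
    vibs = []
    for line in text.splitlines():
        if not line.strip() or re.fullmatch(r"-+(\s+-+)*", line.strip()):
            continue                      # blank line or the dashed separator row
        fields = re.split(r"\s{2,}", line.strip())
        if fields[:2] == ["Name", "Version"]:
            continue                      # header row
        if len(fields) != 5:
            raise ValueError(f"unexpected row: {line!r}")
        name, version, vendor, acceptance, installed = fields
        vibs.append(Vib(name, version, vendor, acceptance, date.fromisoformat(installed)))
    return vibs

def triage(vibs, allowed_vendors, host_acceptance, baseline):
    """Return (vib, reasons) for every VIB that deviates from the baseline.

    Three independent signals:
      * acceptance level below what the host is configured to enforce, which a
        VIB can only reach if installed with --force or after the host level
        was lowered;
      * vendor outside the allowlist, or a VMware-branded VIB that is not
        VMwareCertified/VMwareAccepted;
      * install date after the last known-good patch window.
    """
    findings = []
    min_rank = ACCEPTANCE_RANK[host_acceptance]
    for v in vibs:
        reasons = []
        rank = ACCEPTANCE_RANK.get(v.acceptance)
        if rank is None or rank < min_rank:
            reasons.append(f"acceptance level {v.acceptance} below host policy {host_acceptance}")
        if v.vendor not in allowed_vendors:
            reasons.append(f"vendor {v.vendor!r} not in allowlist")
        if v.vendor == "VMware" and v.acceptance not in ("VMwareCertified", "VMwareAccepted"):
            reasons.append("claims VMware vendor but is not VMware-certified/accepted")
        if v.installed > baseline:
            reasons.append(f"installed {v.installed} after baseline {baseline}")
        if reasons:
            findings.append((v, reasons))
    return findings

# Constructed host baseline (assumptions for the example).
ALLOWED_VENDORS = {"VMware", "VMW", "ACME"}
HOST_ACCEPTANCE = "PartnerSupported"   # what `esxcli software acceptance get` reports
BASELINE_DATE = date(2022, 1, 15)      # last known-good patch window for this host

def suspicious_vib_names(text: str = SAMPLE_VIB_LIST) -> list[str]:
    """Names of VIBs that fail at least one baseline check."""
    vibs = parse_vib_list(text)
    return [v.name for v, _ in triage(vibs, ALLOWED_VENDORS, HOST_ACCEPTANCE, BASELINE_DATE)]

if __name__ == "__main__":
    for vib, reasons in triage(parse_vib_list(SAMPLE_VIB_LIST), ALLOWED_VENDORS,
                               HOST_ACCEPTANCE, BASELINE_DATE):
        print(f"{vib.name} ({vib.version}):")
        for r in reasons:
            print("   -", r)
```

On the sample, the two invented rows are flagged and the four baseline rows pass. In practice the listing is captured from each host (the script deliberately reads text rather than running esxcli, so it can be run offline against exports collected during an investigation), and a VIB flagged here is a lead to examine, not a verdict: a legitimately installed partner driver will also show up if the allowlist is stale.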

“It is important to emphasize that this is not an external remote code execution vulnerability; the attacker needs administrative privileges on the ESXi hypervisor before deploying malware,” said Mandiant researchers Alexander Marvi, Jeremy Koppen, Tufail Ahmed and Jonathan Lepore in a detailed two-part report.

There is no…
